Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    143s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/07/2024, 19:10

General

  • Target

    1c2b3d66ef3096be649e774285a39026_JaffaCakes118.html

  • Size

    60KB

  • MD5

    1c2b3d66ef3096be649e774285a39026

  • SHA1

    dd86c980a1d82cc079a2702d2c5eed43e57ca0bb

  • SHA256

    d59e43420ba850f280af5113e358c0ba75c677655fc801e99cb92a381f0966bd

  • SHA512

    2ac6361f3513b3a9753f37968b6258f0ae4e94e2e36541ccaba8aeaab095554dd9b4ccc0b95a9777d2bd7f0da78e50d80a21bc180e1900e3866f917b1a382f28

  • SSDEEP

    1536:dQVTL5gtXdsLoFQVTL5gUuwzk7m2O2KWS1Nhz5LLE4CGrqGeIB/Ifj:o2O2KWS1NFpi

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1c2b3d66ef3096be649e774285a39026_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2088

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    51077696cb2992b7e43c123b9267809d

    SHA1

    d1438757f21122f55bc8e8b84fa65b07e2c163fb

    SHA256

    d5971f6d7af132873dd80baa32caa4e229a8b73679a48e4269104a99d3243fca

    SHA512

    e32a42182aa3a60d5ffbb39eface4d471b759e1b6d3a6a49af22d40a83a230f432b1dec3b28b4c27f760b4e26c16b636346977d2b20812a55ab4e58c9bb0850d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a8263dda0b407d3c7a85b887eca1fe1b

    SHA1

    b5b7beee24371bbf51eb648f017956eb4ab7cfd4

    SHA256

    2d0afec615d6dadf3f90062f5d0c575c30d083c040d539b94b0707fa9638c74f

    SHA512

    c1301cd6b8b3f1c9d22a4b2cb9dfec52fc6d8f15586774b7ec12b0c13af02d20e5e9e1a33d20824170e59de98664fb22c1ebecc23ed1fb054bb033db320e0b88

  • C:\Users\Admin\AppData\Local\Temp\Cab232C.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar232D.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b